This vulnerability affects Oracle PeopleSoft Enterprise HCM Human Resources 9.2, particularly the Job Profile Manager component. It permits a high privileged attacker with network access via HTTP to perform unauthorized actions on critical data, including creation, deletion, or modification. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) indicates network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high confidentiality and integrity impacts without availability impact. The vulnerability is categorized under CWE-306 (Missing Authentication for Critical Function). Oracle's April 2026 Critical Patch Update advisory references multiple patches but does not explicitly confirm a patch for this vulnerability in the provided content.

Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data within PeopleSoft Enterprise HCM Human Resources. It can also result in unauthorized access to all accessible data in the affected product. The impact affects confidentiality and integrity but does not impact availability. The CVSS score of 6.5 reflects a medium severity level.

Oracle's April 2026 Critical Patch Update advisory includes numerous security patches and strongly recommends applying these updates promptly. However, the advisory content provided does not explicitly confirm a patch for CVE-2026-34280. Therefore, patch status is not yet confirmed—check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for the latest remediation guidance. Customers should remain on actively supported versions and apply Critical Patch Updates without delay to mitigate this and other vulnerabilities.